Freeze/thaw and signed zone files

@lbutlr kremels at kreme.com
Fri Feb 22 01:46:49 UTC 2019


On 21 Feb 2019, at 18:28, @lbutlr <kremels at kreme.com> wrote:
> Is the original random key that was generated at the time of signing kept somewhere? NSEC3 seems to contain a 16 character hex string that recurs throughout the file.

OK, I moved aside the signed file, re-signed the domain using the 16 character string I found repeated in the original .signed file and the dsset file contained the same strings, and the signed file was created anew and it contains the new subdomains. So, that immediate problem is solved.

First instance is on NSEC3PARAM param line, so awk '/NSEC3PARAM 1/{ print $NF}' zone.signed

-- 
people didn't seem to be able to remember what it was like with the
elves around. Life was certainly more interesting then, but usually
because it was shorter. And it was more colourful, if you liked the
colour of blood. --Lords and Ladies
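
An added example, not part of the original post: a stricter way to recover the NSEC3 parameters from a signed zone before re-signing, matching on the record type field so that RRSIG lines covering NSEC3PARAM and NSEC3 type bitmaps are skipped. The zone data is constructed, and the function names nsec3_params and signzone_opts are made up for this example; -3 (salt) and -H (iterations) are dnssec-signzone options.

```shell
#!/bin/sh
# Constructed sample in dnssec-signzone output style (not data from the post).
sample_zone() {
cat <<'EOF'
; constructed sample zone
example.com.  3600 IN SOA ns1.example.com. hostmaster.example.com. (
                  2019022101 3600 900 604800 3600 )
              0    NSEC3PARAM 1 0 10 0123456789ABCDEF
              0    RRSIG NSEC3PARAM 13 2 0 (
                  20190324004649 20190222004649 12345 example.com.
                  Q09OU1RSVUNURUQ= )
0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM.example.com. 3600 IN NSEC3 1 0 10 0123456789ABCDEF (
                  2T7B4G4VSA5SMI47K61MV5BV1A22BOJR
                  NS SOA RRSIG DNSKEY NSEC3PARAM )
EOF
}

# Print "hash-alg flags iterations salt" for each distinct NSEC3PARAM record.
# Reads the named file(s), or stdin when called without arguments.
nsec3_params() {
    awk '
    /^[ \t]*;/ { next }                       # zone-file comment line
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "NSEC3PARAM") continue
            # "RRSIG NSEC3PARAM <alg> ..." is a signature, not the record
            if (i > 1 && $(i - 1) == "RRSIG") break
            # RDATA is three integers plus a hex salt ("-" means no salt);
            # an NSEC3 type bitmap entry fails this test and is ignored
            if ($(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+$/ &&
                $(i+3) ~ /^[0-9]+$/ && $(i+4) ~ /^(-|[0-9A-Fa-f]+)$/)
                print $(i+1), $(i+2), $(i+3), $(i+4)
            break
        }
    }' "$@" | sort -u
}

# Turn the single parameter set into dnssec-signzone options, refusing to
# guess when the zone holds zero or several distinct sets.
signzone_opts() {
    params=$(nsec3_params "$@")
    count=$(printf '%s\n' "$params" | grep -c .)
    [ "$count" -eq 1 ] || { echo "expected 1 NSEC3PARAM set, found $count" >&2; return 1; }
    set -- $params
    echo "-3 $4 -H $3"
}

sample_zone | nsec3_params
sample_zone | signzone_opts
```

Re-signing with the recovered salt and iteration count keeps the hashed owner names of the existing NSEC3 chain unchanged.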


